Re: [GNUnet-developers] Camouflage

[Matthias Wachs]

We already had a lot of mails here, so just my 5 cents ...




>         This is the idea that i've been thinking on.
>         It should be possible for GNUnet node operator to hide the
>         fact that
>         his machine runs a GNUnet node.
>         
>         Ways to achieve this:
>         
>         1) Fake HELLO messages.


So if I receive your HELLO, I have to test all addresses if until I
figure out addresses working?

Why should that be harder for a malicious guy than for a benign user?

Both try to establish as many connections as possible ... so both have
to test all the addresses?

If I have 1 working address and include 9 faked addresses generated
randomly:
a) 9 out 10 do not work, one is working -> got you!
b) malicious guy can "accidently" connect to faked address-> you sent
yourself and someone else to sibiria

So in the end: I do not see any benefit here...

>         
>         2) Transport disguise.

That's an arms race you cannot win ... we are operating in the open,
anyone can download our software and even read our discussions on the
other hand we do not event have a clue who the malicious guys are and
how powerful they are. 


In the end:

- I agree to add a "Do not gossip" flag to HELLOs but only for efficency
reasons. 

- I agree to improve https server validation behaviour to prevent MITM
attacks. 

I'll file bugs for it...


> 

-- 
Dipl.-Inf. Matthias Wachs
Free Secure Network Systems Group
Technische Universitaet Muenchen
Chair for Network Architectures and Services
Institute for Informatics / I8           Tel:    +49 89 289 18037
Boltzmannstr. 3 / Room 03.05.042         Fax:    +49 89 289 18033
D-85748 Garching b. Muenchen, Germany    Email: address@hidden